[sci.electronics] advice on descrambler

rom@xor.Sun.COM (Achyutram Bhamidipaty) (06/21/89)

I have decided to tackle a new project and I would like some advice on some
points.  What I would like to do is build a descrambler for my cable system.
I am sure that this is not entirely legal, but the engineer part of me can't
pass up a challenge like this.

What information I would like from people on the net:

    1.	Pointers to books or articles that have technical explanations of
	TV signals. Information like how many scan lines are in a field,
	how often is the screen refreshed, etc. I did get some books but 
	most of them basically said that an electron beam is used to draw
	the image on the screen and didn't go any deeper. 

    2.	Any articles or books that deal specifically with descrambling 
	cable signals. I would prefer to invent the descrambler rather
	than just copy someone else's design.

    3.	Opinions on how complex this task might be. Do you think that not 
	having access to a digital scope, storage scope, or frequency 
	analyzer would be a major handicap?

    4.  Pointers from people who have tried this.

    5.	Any other suggestions.

Thanks in advance.
-Rom
rom@xor.sun.com

flash@lopez.UUCP (Gary Bourgois) (06/21/89)

From article <111377@sun.Eng.Sun.COM>, by rom@xor.Sun.COM (Achyutram Bhamidipaty):
> 
> I have decided to tackle a new project and I would like some advice on some
> points.  What I would like to do is build a descrambler for my cable system.
> I am sure that this is not entirely legal, but the engineer part of me can't
> pass up a challenge like this.

Cable piracy is quite illegal.  Signal theft can (and often WILL) result in
fines and/or imprisonment.  If everyone stole cable premium signals, the
services would cease to exist for economics.

That disclaimer out of the way.....

Many engineers construct descramblers for the challenge of it, or for other
experimental reasons.

There are 525 lines per frame and 59.94 fields per second in the standard
NTSC television image.  This, however, does not have much to do with
descrambling, i.e. it is NOT the key (exactly).

Your first mission is to determine which encryption scheme is being used
at YOUR site.  Common systems include:

      Gated Sync 
      Oak
      Orion
      
And several variations.  

A more common method of signal encryption, which is most economical for
the cable company, is to insert a pulse modulated signal BETWEEN the
audio and video carriers.  You can determine if this is in use because
the signal pulses and beeps at a fast rate.  A simple resonant frequency
filter is all that is needed to remove this signal.

As for the rest of the scrambling systems, they employ variations on the
theme of "sync confusion"  most often by inserting an out of phase sync
component at the vertical rate, or by stripping off one of the sync
signals (vertical always as far as I know) and "hiding it" in the FM band
or somewhere else.

Without a scope, it is pretty hard to see just which system your company
is using.  A trained eye can hazard a guess though.

As to constructing your own descrambler... I refer you to Radio Electronics
Magazine, available in most grocery stores.  Actually all Electronics
magazines I know of have ads for companies that offer theory books,
construction plans and even kits for the experimenter.

I am posting this because most of the mail I send in reply mode bounces.
Also thought others on the net might be curious.


-- 
| Gary Bourgois  flash@lopez.UUCP  ..rutgers!mailrus!sharkey!lopez!flash |
|              Great White North UPLink, Marquette Michigan              |
|  NATIONWIDE AMATEUR RADIO (1500 watts on 3950) --- nightly after 0200z |
|___________________WB8EOH - The Eccentric Old Hippie____________________| 

henry@utzoo.uucp (Henry Spencer) (06/21/89)

In article <111377@sun.Eng.Sun.COM> rom@xor.Sun.COM (Achyutram Bhamidipaty) writes:
>... What I would like to do is build a descrambler for my cable system.

How practical this is depends on what scrambling system is in use (yes, there
is more than one -- a lot more than one).  The DES-based encryption scheme
used by the major satellite video companies these days is effectively
impossible for an amateur to break.
-- 
NASA is to spaceflight as the  |     Henry Spencer at U of Toronto Zoology
US government is to freedom.   | uunet!attcan!utzoo!henry henry@zoo.toronto.edu

mmm@cup.portal.com (Mark Robert Thorson) (06/22/89)

I once built a descrambler with no components except an SPDT switch!
Several years ago, channel 26 in San Francisco was broadcasting scrambled
transmissions in which the horizontal sync pulse was inverted.  I opened
up my set, and found a single pc trace going from the video amp section
to the horizontal sweep section.

I cut this trace and hooked up the input to the horz sweep to the pole
of the switch.  I hooked one side of the switch to the signal from the video
amp section.  The other side of the switch was hooked to a signal I found
by experiment.

First, I hooked it to the other side of the same transistor which generated
the signal going to the "normal" side of the switch.  Didn't work.  Then,
I traced the base input to that transistor back to another transistor in
the video section.  My first connection there didn't do anything, either.
Then, I moved the connection to the other side of that same transistor.
Bingo!  I had found an inverted form of the video signal, and it worked
just fine for receiving the scrambled transmissions.

I still couldn't get the sound, because it was scrambled in some obscure
fashion, but that really didn't matter, because channel 26 only broadcast
pornography :-)

BTW, this can be dangerous.  My set was isolated from the line by a
transformer.  Don't assume that because I lived to tell this story, you
will too.

[copyright 1989 Mark Thorson;  all uses of this document are allowed, except
for republication in moderated news services, such as that provided
by Anterior Technology.]
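
The "sync confusion" Gary describes and the polarity trick in Mark's post, as an
added example written for this page (it is not code from either poster): a
threshold sync separator, the kind of circuit the horizontal sweep section locks
to, fed a composite line whose polarity has been flipped about blanking. The IRE
levels, line timing and picture content are constructed for the illustration,
and the scrambling modelled is plain polarity inversion, an assumption; it does
not reproduce whatever channel 26 actually transmitted.

```python
# Added example: polarity-inverted sync and a threshold sync separator.
# Constructed signal: IRE units, 10 samples per microsecond, simplified
# NTSC line timing (front porch 1.5 us, sync 4.7 us, back porch 4.5 us,
# active video 52.6 us). Not a capture of any real broadcast.

SYNC_TIP, BLANKING = -40.0, 0.0    # IRE levels
SAMPLES_PER_US = 10

def make_line(picture):
    """One composite line: front porch, H sync, back porch, active video.
    `picture` is a short list of IRE values stretched over the active period."""
    front_porch = [BLANKING] * round(1.5 * SAMPLES_PER_US)
    sync = [SYNC_TIP] * round(4.7 * SAMPLES_PER_US)
    back_porch = [BLANKING] * round(4.5 * SAMPLES_PER_US)
    active_len = round(52.6 * SAMPLES_PER_US)
    active = [float(picture[i * len(picture) // active_len]) for i in range(active_len)]
    return front_porch + sync + back_porch + active

def find_sync_pulses(samples, threshold=-20.0,
                     min_width=round(3.0 * SAMPLES_PER_US),
                     max_width=round(6.0 * SAMPLES_PER_US)):
    """Threshold sync separator: a run of samples below `threshold` whose
    length is plausible for an H sync pulse is reported as (start, width).
    Runs that are too long (inverted picture content) are rejected."""
    pulses, start = [], None
    for i, v in enumerate(samples + [BLANKING]):   # sentinel closes a trailing run
        if v < threshold and start is None:
            start = i
        elif v >= threshold and start is not None:
            if min_width <= i - start <= max_width:
                pulses.append((start, i - start))
            start = None
    return pulses

def invert(samples):
    """Flip polarity about blanking: the signal on the 'other side' of a
    video-stage transistor, which is what the switch in the post selected."""
    return [BLANKING - (v - BLANKING) for v in samples]

def sync_locked(samples):
    """True when exactly one plausible H pulse sits where the line starts."""
    pulses = find_sync_pulses(samples)
    return len(pulses) == 1 and pulses[0][0] < 3 * SAMPLES_PER_US

def demo():
    """Returns lock status for (clean, scrambled, re-inverted) feeds."""
    clean = make_line(picture=[10, 30, 50, 70, 90])   # constructed grey ramp
    scrambled = invert(clean)          # transmitter flips polarity: sync tip is now +40 IRE
    sync_feed = invert(scrambled)      # feed the sweep section the re-inverted signal
    return sync_locked(clean), sync_locked(scrambled), sync_locked(sync_feed)

if __name__ == "__main__":
    print(find_sync_pulses(make_line([50])))   # [(15, 47)]: pulse at 1.5 us, 4.7 us wide
    print(demo())                              # (True, False, True)
```

Only the separator's feed is re-inverted; the picture path is left alone, which
is exactly the one-trace cut and SPDT switch in the post. The scrambled line
fails to lock because the inverted picture produces a run far longer than any H
pulse, and the inverted sync tip sits above the slicing threshold.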

ISW@cup.portal.com (Isaac S Wingfield) (06/23/89)

Without going into too much detail (an exercise for the
student?), it's useful to note that *all* the sync signals
in NTSC TV are harmonically related - you can do the division
yourself, but from the color subcarrier at 3.579545 MHz, which
is available from the phase-locked oscillator in the set, you
can derive both HSync and VSync using digital divide chains.

You have to do a little manual cycle skipping to get things
lined up, but once it's locked, it's good for the evening...
(Don't ask me how I know).

Innocent question - they're sending that scrambled signal
uninvited into my house. Exactly why is it illegal to use
it for my own reasons? If they don't want me to have it,
they can keep it out (some cable systems do just that, with
bandstop filters outside the house). I know it's not
nice to sell decoders, or kits, or plans, but exactly
why is it illegal for me to make use of signals within
the privacy of my own home?

Isaac    isw@cup.portal.com
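
Isaac's divide chain, as an added example written for this page (it is not the
poster's circuit): a counter model that derives H and V timing from the
3.579545 MHz colour subcarrier. The counter clock is taken as four times the
subcarrier so that one line is a whole number of clocks, and the NTSC ratios
(227.5 subcarrier cycles per line, 262.5 lines per field) are assumed. `slip`
is the "manual cycle skipping" he mentions; the offset at which the incoming
vertical sync is observed is constructed for the demonstration.

```python
# Added example: H and V sync regenerated from the colour subcarrier by
# cascaded dividers. Illustrative model, not a schematic.

F_SC = 3_579_545                  # colour subcarrier, Hz, as quoted in the post
F_CLK = 4 * F_SC                  # counter clock: 4 x subcarrier (assumption)
CLOCKS_PER_LINE = 910             # 4 * 227.5 subcarrier cycles per line
LINES_PER_FRAME = 525
CLOCKS_PER_FIELD = CLOCKS_PER_LINE * LINES_PER_FRAME // 2   # 238875, exact

def derived_rates():
    """Line and field rates implied by the divide ratios, in Hz."""
    return F_CLK / CLOCKS_PER_LINE, F_CLK / CLOCKS_PER_FIELD

class DivideChain:
    """Two counters off the same clock: /910 emits an H pulse, /238875 a V pulse."""
    def __init__(self):
        self.h_count = 0
        self.v_count = 0

    def slip(self, n):
        """'Manual cycle skipping': advance the chain n clocks without emitting
        pulses, to bring its phase in line with the incoming sync."""
        self.h_count = (self.h_count + n) % CLOCKS_PER_LINE
        self.v_count = (self.v_count + n) % CLOCKS_PER_FIELD

    def tick(self):
        """Advance one clock; return (h_pulse, v_pulse) flags."""
        self.h_count = (self.h_count + 1) % CLOCKS_PER_LINE
        self.v_count = (self.v_count + 1) % CLOCKS_PER_FIELD
        return self.h_count == 0, self.v_count == 0

def align(chain, observed_v_clock):
    """Slip a freshly reset chain so its next V pulse lands on the clock at
    which the incoming vertical sync was seen."""
    chain.slip((CLOCKS_PER_FIELD - observed_v_clock - 1) % CLOCKS_PER_FIELD)

def run(chain, n_clocks):
    """Clock the chain n_clocks times; return (H pulses, V pulses, clock index
    of the first V pulse) so both rate and phase can be checked."""
    h_pulses = v_pulses = 0
    first_v = None
    for i in range(n_clocks):
        h, v = chain.tick()
        h_pulses += h
        if v:
            v_pulses += 1
            if first_v is None:
                first_v = i
    return h_pulses, v_pulses, first_v

if __name__ == "__main__":
    print(derived_rates())                      # about 15734.26 Hz and 59.94 Hz
    frame = CLOCKS_PER_LINE * LINES_PER_FRAME   # one frame = two fields of clocks
    print(run(DivideChain(), frame))            # 525 H pulses, 2 V pulses
    chain = DivideChain()
    align(chain, 1000)                          # constructed: V sync seen at clock 1000
    print(run(chain, frame)[2])                 # first V pulse now at clock 1000
```

Over a whole frame the pulse counts (525 H, 2 V) do not depend on where the
chain was slipped to, which is why, once the phase is right, it stays right
"for the evening": the only thing that drifts is the subcarrier itself.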

crc@raider.MFEE.TN.US (Charles Cain) (06/27/89)

The first method, gated sync, is a fairly old system. 90% of the satellite 
systems in use today use the MA/COM Videocipher II system, with the rest being 
a conglomerate of OAK ORION and SA B-MAC; CBS Network uses VideoCipher I.

This being stated, VCII is probably the widest used in consumer applications. 
The system is quite secure as it uses the DES algorithm for encryption purposes
and DIGITAL AUDIO. Therefore, one could unscramble the video easily but the 
audio is a whole different matter.

The video is stripped of all H sync and V sync information and it is digitized
and transmitted with the 56 bit 'key' for descrambling. The audio is digitized 
also and is transmitted where the H Sync used to be. The color subcarrier is
also done this way. For purposes of transmission, a replacement H Sync pulse
is generated and transmitted and this is the gated sync pulse. On dark scenes
it might lock up to an ordinary TV set but when a lightly colored scene comes 
up it will get scrambled up REAL good.

If someone is lucky enough to guess the 56 bit key, then he might think he has
the system beat. Not quite. There are 2 modes of operation, fixed key and 
individually addressable. Fixed key is used mostly during testing. When the
system is fully operational, IA is used. Each uplink site that is transmitting
scrambled material has a computer that transmits the next months key and the
address of those descramblers authorized to receive the program. The computer
is capable of authorizing or deauthorizing up to 2.5 million descramblers a day.

Hope this helps some.


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
DOMAIN: crc@raider.mfee.tn.us     |	      From NASHVILLE, TENNESSEE     
Satellite Engineer, TNN           |           Home of the Grand Old Opry!
PHONE:  (615-459-9449)            |                             
-----------------------------------------------------------------------------
Disclaimer: These words do not reflect or express the views of The Nashville
Network in any way. The words and the way they are used is solely MY FAULT!!!!!!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

henry@utzoo.uucp (Henry Spencer) (06/28/89)

In article <19791@cup.portal.com> ISW@cup.portal.com (Isaac S Wingfield) writes:
>Innocent question - they're sending that scrambled signal
>uninvited into my house. Exactly why is it illegal to use
>it for my own reasons? ...

Basically, because the government says so.  Need you ask? :-)
-- 
NASA is to spaceflight as the  |     Henry Spencer at U of Toronto Zoology
US government is to freedom.   | uunet!attcan!utzoo!henry henry@zoo.toronto.edu

wtm@neoucom.UUCP (Bill Mayhew) (06/30/89)

Unfortunately, the Videocipher II is not a terribly secure system,
even though it uses the DES algorithm to encode the digital audio
stream.  The problem lies in the fact that the key updating is done
via the over-the-air data stream.

I don't know the specifics of the methods used to attempt to
compromise videociphers, but I've heard that pirates modify the ROM
controlling the housekeeping CPU (an 8048).  It is possible to
spoof the audio subsystem by sending it bogus control messages from
the CPU, then trapping key updates illegally.

After General Instruments bought the Videocipher business from
MA/Com, there was a mass recall of the original vcIIs, where GI put
in new motherboards that had green epoxy dumped all over the
vulnerable parts of the board (ROM, CPU, slave CPU for the audio
subsystem, etc.) to discourage unauthorized modifications for
reception.  The latest vcIIs apparently are using macrocell ASICs
that do away with the separate ROM chip, as enterprising pirates
were still grinding off the epoxy to change the ROMs.

I do say illegally.  There are heavy fines and/or jail in the US
for theft of service.

A new vcII+ has been announced that will make use of key cards
that are distributed via surface mail, which is what they should
have done all along.  More "tier" bits will be added too, which
will allow more scrambled services to be supported.  In the current
vc technology, all the available tier bits have already been sold
to various broadcasters, thus preventing any new separate services
from being added.  The new vcII+ is also rumored to be designed
such that it will be able to support high definition TV in the
future.  Exactly how the new vcII+ is going to affect the market is
unclear, as there are a lot of the older model in the field that
should need continued support.  It would be very unkind for GI to
welch on its promise to the US government that the original vcII
would be the only encoding system the world would ever need.

Bill
wtm@neoucom.UUCP
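
The "individually addressable" key delivery Charles describes and the weakness
Bill points at (the key update itself travels in the over-the-air data stream),
as one added example written for this page. It is a generic model of such a
scheme, NOT the VideoCipher II message format, and since Python's standard
library has no DES the 56-bit month key is used with a stand-in keyed stream
built from HMAC-SHA256. Unit addresses, per-unit keys, tier numbers and the
sample audio are all constructed; the per-unit key wrapping is an assumption
about how an addressable update could be built, not a description of GI's.

```python
# Added example: addressable monthly key delivery and why a trapped key
# update is enough. Generic model, constructed data, DES replaced by an
# HMAC-based stream so the block runs offline.
import hmac, hashlib, os

def keystream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR `data` with HMAC-SHA256(key, label||counter)
    blocks. Symmetric, so one call both encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, label + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

class Uplink:
    """The uplink-site computer: holds every unit's key, decides who is
    authorized, and broadcasts next month's key only to those units."""
    def __init__(self, unit_keys):
        self.unit_keys = dict(unit_keys)   # address -> per-unit key (assumed model)
        self.authorized = {}               # address -> tier bits

    def authorize(self, address, tiers):
        self.authorized[address] = tiers

    def deauthorize(self, address):
        self.authorized.pop(address, None)

    def key_update_message(self, month_key):
        """Over-the-air update: one (address, wrapped payload) entry per
        authorized unit. The payload is the common month key plus that
        unit's tier bits, wrapped under the unit's own key."""
        return [(addr, keystream_xor(self.unit_keys[addr], b"update", month_key + bytes([tiers])))
                for addr, tiers in self.authorized.items()]

class Descrambler:
    def __init__(self, address, unit_key):
        self.address, self.unit_key = address, unit_key
        self.month_key, self.tiers = None, 0

    def receive_update(self, message):
        """Scan the broadcast for our own address; other entries are opaque."""
        for addr, wrapped in message:
            if addr == self.address:
                payload = keystream_xor(self.unit_key, b"update", wrapped)
                self.month_key, self.tiers = payload[:7], payload[7]
                return True
        return False

    def decode_audio(self, service_tier, ciphertext):
        """Audio is under the month key; no key, or no tier bit, means no audio."""
        if self.month_key is None or not self.tiers & (1 << service_tier):
            return None
        return keystream_xor(self.month_key, b"audio", ciphertext)

AUDIO = b"constructed digital audio frame"   # sample plaintext, constructed

def demo():
    keys = {1: os.urandom(16), 2: os.urandom(16), 3: os.urandom(16)}   # constructed unit keys
    uplink = Uplink(keys)
    uplink.authorize(1, tiers=0b11)   # tiers 0 and 1
    uplink.authorize(2, tiers=0b01)   # tier 0 only; unit 3 is not authorized
    units = {a: Descrambler(a, k) for a, k in keys.items()}

    month_key = os.urandom(7)         # 56-bit key, the size the thread quotes
    msg = uplink.key_update_message(month_key)
    received = {a: u.receive_update(msg) for a, u in units.items()}
    audio = keystream_xor(month_key, b"audio", AUDIO)

    # Bill's point: the month key arrives over the air and is the same for
    # every authorized unit, so one unit whose controller records it on
    # arrival hands a working key to any number of clones.
    clone = Descrambler(0xDEAD, b"\x00" * 16)
    clone.month_key, clone.tiers = units[1].month_key, 0xFF

    # Next month unit 2 is deauthorized: no entry for it, stale key, garbage.
    uplink.deauthorize(2)
    next_key = os.urandom(7)
    units[2].receive_update(uplink.key_update_message(next_key))
    next_audio = keystream_xor(next_key, b"audio", AUDIO)

    return {
        "received": received,
        "tier1_on_unit1": units[1].decode_audio(1, audio),
        "tier1_on_unit2": units[2].decode_audio(1, audio),   # lacks the tier bit
        "tier0_on_unit3": units[3].decode_audio(0, audio),   # never got a key
        "clone_tier1": clone.decode_audio(1, audio),         # trapped key works
        "unit2_after_deauth": units[2].decode_audio(0, next_audio),
    }
```

The addressing and tier bits hold up exactly as Charles says: a unit that is
not in the month's list, or lacks the tier bit, gets nothing, and a unit
dropped from the next list is left with a stale key. What they cannot do is
survive a receiver whose controller is under the user's control, because every
authorized unit ends up holding the same month key; that is the gap Bill's post
says mailed key cards were meant to narrow.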